On Mon, Nov 19, 2012 at 2:25 AM, Matthew Thode <[email protected]> wrote: > Originally virtualization was slow on grsec/pax with either uderef or > kernexec enabled.
My impression was that UDEREF/KERNEXEC were slow in guest. Is it wrong, or did these settings affect host as well? > Pipacs overcame this limitation in 3.5.4-r1 and > overcame a memory commit issue kvm was having in 3.5.4-r2. He overcame > it using nested page tables on newer CPUs, which means older CPUs will > likely still be slow. So one needs at least 3.5.4-r2 in both hardened guest and host, and nested page tables support in CPU? -- Maxim Kammerer Liberté Linux: http://dee.su/liberte
